<?php
/**
 * resetpass.php
 * 
 * This file contains the code for the Reset Password webpage. 
 */
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];

require_once 'interface.php';
webpageDoctype();
print_html_title("Member System - Reset Password");
webpageMetaAndBodyStart();
echo "<p><div align='center'>";
	
	if ($username && $userid){
		
		if($_POST['resetpass']){
			//get data
			$pass = $_POST['pass'];
			$newpass = $_POST['newpass'];
			$confirmpass = $_POST['confirmpass'];
			
		//confirm data
		if($pass){
			if($newpass){
				if($confirmpass){
					if($newpass === $confirmpass){
						$password = md5(md5("b0b8o8".$password."b0b8o8"));
						
						require("./connect.php");
						
						//make sure pw is correct
						$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
						$numrows = mysql_num_rows($query);
						if($numrows == 1){
							//encrypt new pw
							$newpassword = md5(md5("b0b8o8".$newpass."b0b8o8"));
							
							//update db
							mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
							
							// make sure pw changed
							$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
							$numrows = mysql_num_rows($query);
							if($numrows == 1){
								echo "Your password has been reset.";
							}else{
								echo"An error has occured and your password was not reset";
							}
						}else{
							echo"Your current password is incorrect";
						}
						mysql_close();
						
					}else{
						echo"Your new password did not match";
					}
				}else{
					echo"You must confirm your new password";
				}
			}else{
				echo"You must enter your new password.";
			}
		}else{
			echo"You must enter your current password.";
		}
		}else{
			echo"<form action ='./resetpass.php' method='post'>
			<table>
			<tr>
				<td>Current Password</td>
				<td><input type='text' name='pass'></td>
			</tr>
			<tr>
				<td>New Password</td>
				<td><input type='password' name='newpass'></td>
			</tr>
			<tr>
				<td>Confirm Password</td>
				<td><input type='submit' name='resetpass' value='Reset password'></td>
			</tr>
			<tr>
				<td></td>
				<td><input type='text' name='pass'></td>
			</tr>
			</table>";
		}
	}else{
		echo "Please login to access this page. <a href='./login.php'>Login here</a>";
	}	
echo "</div></p>";
webpageFooter();
?>